A base class that implements some of the boilerplate for a PreAuthenticationProvider. More...

Inherits MediaWiki\Auth\AbstractAuthenticationProvider, and MediaWiki\Auth\PreAuthenticationProvider.

Inherited by MediaWiki\Auth\ThrottlePreAuthenticationProvider.

Collaboration diagram for MediaWiki\Auth\AbstractPreAuthenticationProvider:

[legend]

Public Member Functions

getAuthenticationRequests ( $action, array $options)

Return the applicable list of AuthenticationRequests.Possible values for $action depend on whether the implementing class is also a PreAuthenticationProvider, PrimaryAuthenticationProvider, or SecondaryAuthenticationProvider.

ACTION_LOGIN: Valid for passing to beginAuthentication. Called on all providers.
ACTION_CREATE: Valid for passing to beginAccountCreation. Called on all providers.
ACTION_LINK: Valid for passing to beginAccountLink. Called on linking primary providers only.
ACTION_CHANGE: Valid for passing to AuthManager::changeAuthenticationData to change credentials. Called on primary and secondary providers.
ACTION_REMOVE: Valid for passing to AuthManager::changeAuthenticationData to remove credentials. Must work without additional user input (i.e. without calling loadFromSubmission). Called on primary and secondary providers.

See also: AuthManager::getAuthenticationRequests()

Parameters

string	$action
array	$options	Options are: username: Username related to the action, or null/unset if anon. ACTION_LOGIN: The currently logged-in user, if any. ACTION_CREATE: The account creator, if non-anonymous. ACTION_LINK: The local user being linked to. ACTION_CHANGE: The user having data changed. ACTION_REMOVE: The user having data removed. If you leave the username property of the returned requests empty, this will automatically be copied there (except for ACTION_CREATE and ACTION_LOGIN).

Returns: AuthenticationRequest[]

postAccountCreation ( $user, $creator, AuthenticationResponse $response)

Post-creation callback.This will be called at the end of an account creation attempt. It will not be called if the account creation process results in a session timeout (possibly after a successful user creation, while a secondary provider is waiting for a response).

Parameters

User	$user	User that was attempted to be created. This may become a "UserIdentity" in the future.
User	$creator	User doing the creation. This may become a "UserIdentity" in the future.
AuthenticationResponse	$response	Authentication response that will be returned (PASS or FAIL)

postAccountLink ( $user, AuthenticationResponse $response)

Post-link callback.This will be called at the end of an account linking attempt.

Parameters

User	$user	User that was attempted to be linked. This may become a "UserIdentity" in the future.
AuthenticationResponse	$response	Authentication response that will be returned (PASS or FAIL)

postAuthentication ( $user, AuthenticationResponse $response)

Post-login callback.This will be called at the end of a login attempt. It will not be called for unfinished login attempts that fail by the session timing out.

Note: Under certain circumstances, this can be called even when testForAuthentication was not; see AuthenticationRequest::$loginRequest.

Parameters

User \| null	$user	User that was attempted to be logged in, if known. This may become a "UserIdentity" in the future.
AuthenticationResponse	$response	Authentication response that will be returned (PASS or FAIL)

testForAccountCreation ( $user, $creator, array $reqs)

Determine whether an account creation may begin.Called from AuthManager::beginAccountCreation()

Note: No need to test if the account exists, AuthManager checks that

Parameters

User	$user	User being created (not added to the database yet). This may become a "UserIdentity" in the future.
User	$creator	User doing the creation. This may become a "UserIdentity" in the future.
AuthenticationRequest[]	$reqs

Returns: StatusValue

testForAccountLink ( $user)

Determine whether an account may linked to another authentication method.

Parameters

User $user User being linked. This may become a "UserIdentity" in the future.

Returns: StatusValue

testForAuthentication (array $reqs)

Determine whether an authentication may begin.Called from AuthManager::beginAuthentication()

Parameters

AuthenticationRequest[] $reqs

Returns: StatusValue

testUserForCreation ( $user, $autocreate, array $options=[])

Determine whether an account may be created.

Parameters

User	$user	User being created (not added to the database yet). This may become a "UserIdentity" in the future.
bool \| string	$autocreate	False if this is not an auto-creation, or the source of the auto-creation passed to AuthManager::autoCreateUser().
array	$options	flags: (int) Bitfield of IDBAccessObject::READ_* constants, default IDBAccessObject::READ_NORMAL creating: (bool) If false (or missing), this call is only testing if a user could be created. If set, this (non-autocreation) is for actually creating an account and will be followed by a call to testForAccountCreation(). In this case, the provider might return StatusValue::newGood() here and let the later call to testForAccountCreation() do a more thorough test. canAlwaysAutocreate: (bool) If true the session provider is exempt from autocreate user permissions checks. performer: (Authority) The performer of the action, used for user rights checking.

Returns: StatusValue

Public Member Functions inherited from MediaWiki\Auth\AbstractAuthenticationProvider

getUniqueId ()

Return a unique identifier for this instance.This must be the same across requests. If multiple instances return the same ID, exceptions will be thrown from AuthManager.

Returns: string

init (LoggerInterface $logger, AuthManager $manager, HookContainer $hookContainer, Config $config, UserNameUtils $userNameUtils)

Initialise with dependencies of an AuthenticationProvider.

Additional Inherited Members
Protected Member Functions inherited from MediaWiki\Auth\AbstractAuthenticationProvider
	getHookContainer ()

	getHookRunner ()

	postInitSetup ()
	A provider can override this to do any necessary setup after init() is called.

Protected Attributes inherited from MediaWiki\Auth\AbstractAuthenticationProvider
Config	$config

LoggerInterface	$logger

AuthManager	$manager

UserNameUtils	$userNameUtils

Detailed Description

A base class that implements some of the boilerplate for a PreAuthenticationProvider.

Stability: stable: to extend

Since: 1.27

Definition at line 16 of file AbstractPreAuthenticationProvider.php.

Member Function Documentation

◆ getAuthenticationRequests()

MediaWiki\Auth\AbstractPreAuthenticationProvider::getAuthenticationRequests	(		$action,
		array	$options )

Return the applicable list of AuthenticationRequests.Possible values for $action depend on whether the implementing class is also a PreAuthenticationProvider, PrimaryAuthenticationProvider, or SecondaryAuthenticationProvider.

ACTION_LOGIN: Valid for passing to beginAuthentication. Called on all providers.
ACTION_CREATE: Valid for passing to beginAccountCreation. Called on all providers.
ACTION_LINK: Valid for passing to beginAccountLink. Called on linking primary providers only.
ACTION_CHANGE: Valid for passing to AuthManager::changeAuthenticationData to change credentials. Called on primary and secondary providers.
ACTION_REMOVE: Valid for passing to AuthManager::changeAuthenticationData to remove credentials. Must work without additional user input (i.e. without calling loadFromSubmission). Called on primary and secondary providers.

See also: AuthManager::getAuthenticationRequests()

Parameters

string	$action
array	$options	Options are: username: Username related to the action, or null/unset if anon. ACTION_LOGIN: The currently logged-in user, if any. ACTION_CREATE: The account creator, if non-anonymous. ACTION_LINK: The local user being linked to. ACTION_CHANGE: The user having data changed. ACTION_REMOVE: The user having data removed. If you leave the username property of the returned requests empty, this will automatically be copied there (except for ACTION_CREATE and ACTION_LOGIN).

Returns: AuthenticationRequest[]

Stability: stable: to override

Implements MediaWiki\Auth\AuthenticationProvider.

Definition at line 24 of file AbstractPreAuthenticationProvider.php.

◆ postAccountCreation()

MediaWiki\Auth\AbstractPreAuthenticationProvider::postAccountCreation	(		$user,
			$creator,
		AuthenticationResponse	$response )

Post-creation callback.This will be called at the end of an account creation attempt. It will not be called if the account creation process results in a session timeout (possibly after a successful user creation, while a secondary provider is waiting for a response).

Parameters

User	$user	User that was attempted to be created. This may become a "UserIdentity" in the future.
User	$creator	User doing the creation. This may become a "UserIdentity" in the future.
AuthenticationResponse	$response	Authentication response that will be returned (PASS or FAIL)

Stability: stable: to override

Implements MediaWiki\Auth\PreAuthenticationProvider.

Definition at line 63 of file AbstractPreAuthenticationProvider.php.

◆ postAccountLink()

MediaWiki\Auth\AbstractPreAuthenticationProvider::postAccountLink	(		$user,
		AuthenticationResponse	$response )

Post-link callback.This will be called at the end of an account linking attempt.

Parameters

User	$user	User that was attempted to be linked. This may become a "UserIdentity" in the future.
AuthenticationResponse	$response	Authentication response that will be returned (PASS or FAIL)

Stability: stable: to override

Implements MediaWiki\Auth\PreAuthenticationProvider.

Definition at line 78 of file AbstractPreAuthenticationProvider.php.

◆ postAuthentication()

MediaWiki\Auth\AbstractPreAuthenticationProvider::postAuthentication	(		$user,
		AuthenticationResponse	$response )

Post-login callback.This will be called at the end of a login attempt. It will not be called for unfinished login attempts that fail by the session timing out.

Note: Under certain circumstances, this can be called even when testForAuthentication was not; see AuthenticationRequest::$loginRequest.

Parameters

User \| null	$user	User that was attempted to be logged in, if known. This may become a "UserIdentity" in the future.
AuthenticationResponse	$response	Authentication response that will be returned (PASS or FAIL)

Stability: stable: to override

Implements MediaWiki\Auth\PreAuthenticationProvider.

Reimplemented in MediaWiki\Auth\ThrottlePreAuthenticationProvider.

Definition at line 40 of file AbstractPreAuthenticationProvider.php.

◆ testForAccountCreation()

MediaWiki\Auth\AbstractPreAuthenticationProvider::testForAccountCreation	(		$user,
			$creator,
		array	$reqs )

Determine whether an account creation may begin.Called from AuthManager::beginAccountCreation()

Note: No need to test if the account exists, AuthManager checks that

Parameters

User	$user	User being created (not added to the database yet). This may become a "UserIdentity" in the future.
User	$creator	User doing the creation. This may become a "UserIdentity" in the future.
AuthenticationRequest[]	$reqs

Returns: StatusValue

Stability: stable: to override

Implements MediaWiki\Auth\PreAuthenticationProvider.

Reimplemented in MediaWiki\Auth\ThrottlePreAuthenticationProvider.

Definition at line 47 of file AbstractPreAuthenticationProvider.php.

◆ testForAccountLink()

MediaWiki\Auth\AbstractPreAuthenticationProvider::testForAccountLink ( $user )

Determine whether an account may linked to another authentication method.

Parameters

User $user User being linked. This may become a "UserIdentity" in the future.

Returns: StatusValue

Stability: stable: to override

Implements MediaWiki\Auth\PreAuthenticationProvider.

Definition at line 70 of file AbstractPreAuthenticationProvider.php.

◆ testForAuthentication()

MediaWiki\Auth\AbstractPreAuthenticationProvider::testForAuthentication ( array $reqs )

Determine whether an authentication may begin.Called from AuthManager::beginAuthentication()

Parameters

AuthenticationRequest[] $reqs

Returns: StatusValue

Stability: stable: to override

Implements MediaWiki\Auth\PreAuthenticationProvider.

Reimplemented in MediaWiki\Auth\ThrottlePreAuthenticationProvider.

Definition at line 32 of file AbstractPreAuthenticationProvider.php.

◆ testUserForCreation()

MediaWiki\Auth\AbstractPreAuthenticationProvider::testUserForCreation	(		$user,
			$autocreate,
		array	$options = [] )

Determine whether an account may be created.

Parameters

User	$user	User being created (not added to the database yet). This may become a "UserIdentity" in the future.
bool \| string	$autocreate	False if this is not an auto-creation, or the source of the auto-creation passed to AuthManager::autoCreateUser().
array	$options	flags: (int) Bitfield of IDBAccessObject::READ_* constants, default IDBAccessObject::READ_NORMAL creating: (bool) If false (or missing), this call is only testing if a user could be created. If set, this (non-autocreation) is for actually creating an account and will be followed by a call to testForAccountCreation(). In this case, the provider might return StatusValue::newGood() here and let the later call to testForAccountCreation() do a more thorough test. canAlwaysAutocreate: (bool) If true the session provider is exempt from autocreate user permissions checks. performer: (Authority) The performer of the action, used for user rights checking.

Returns: StatusValue

Stability: stable: to override

Implements MediaWiki\Auth\PreAuthenticationProvider.

Definition at line 55 of file AbstractPreAuthenticationProvider.php.

The documentation for this class was generated from the following file:

includes/Auth/AbstractPreAuthenticationProvider.php

Public Member Functions

Additional Inherited Members

Detailed Description

Member Function Documentation

◆ getAuthenticationRequests()

◆ postAccountCreation()

◆ postAccountLink()

◆ postAuthentication()

◆ testForAccountCreation()

◆ testForAccountLink()

◆ testForAuthentication()

◆ testUserForCreation()